BSA demands new cybersecurity legislation

The BSA (Business Software Alliance) has called on the US Congress to pass legislation that would address new types of cybercrimes and increase funding for law enforcement.

Grant Gross
October 17, 2007

Share

Twitter

Facebook

LinkedIn

The Business Software Alliance (BSA) has called on the US Congress to pass legislation that would address new types of cybercrimes and increase funding for law enforcement.

Members of the BSA have asked Congress to pass the Cyber-Security Enhancement Act, which would expand the computer crimes statute in federal law to include the stealing of access codes or electronic identifiers from a computer. The bill would also make it a crime to access a computer without authorisation, even if the access does not cause damage, and it would define a new crime of conspiracy to commit cybercrime.

US computers have "never been so vulnerable to attack", said Art Coviello, president of the RSA security division of EMC. In many cases, the vulnerabilities come from companies and individuals needing to share more and more information with others, "without understanding the risks", he said.

Companies and individual computer users need to rethink the way they address security, said Coviello, speaking at a BSA forum. Computer users need to reject popular beliefs that security can be bolted on to software after it's developed and that security can be accomplished with a perimeter defence, he said.

Cybersecurity needs to become more granular, and organisations must begin to prioritise what information they need to keep most safe, Coviello said. "Security needs to adapt to facts and circumstances," he said.

Coviello criticised Congress, saying it only focuses on cybersecurity for a short time each year, when US agency cybersecurity grades come out. In the following weeks, some members of Congress will get up in arms about all the bad grades, then forget about the issue, he said.

But what US agencies need is funding for cybersecurity efforts, he said.

"Give money, not lectures," Coviello said. "Then you can hold people accountable."

The Cyber-Security Enhancement Act, introduced in May, would also give an additional $10m a year to three US government agencies that fight cybercrime.

Representative Steve Chabot, an Ohio Republican and co-sponsor of the bill, told the BSA that more laws are needed to fight organised cybercrime.

"The rise in the number of sophisticated cybercrimes ... shows that we need to do more to protect individuals and businesses," Chabot said. "These cyber attacks are becoming increasingly sophisticated."